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TECHNICAL FIELD 

The present invention relates to the transmission of user profiles in the mobile 
Internet, and more particularly, to the use of a minimal user profile within mobile Internet 
transactions. 

BACKGROUND OF THE INVENTION 

Recent advances in wireless telecommunications have enabled the mobile Internet to 
grow by leaps and bounds. The mobile Internet provides users access to Internet services and 
other service based applications using mobile devices such as mobile telephones, portable 
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computers, pagers, personal digital assistants, etc., and makes new services such as location 
based and context aware applications available to users of the mobile Internet. Presently, 
wireless application protocol (WAP), iMode, and standard HTML over modified TCP/IP 
(used in most Personal Digital Assistants) are the most frequently used protocols on the 
5 mobile Internet. 

Along with the greater uses provided by mobile web services have also arisen greater 
privacy risks due to the ability of third parties to track the position, capability, preferences 
information, and other data pertaining to users of the mobile Internet. This raises the issue of 
appropriate data protection and privacy safeguards for Mobile Internet users who desire to be 

10 protected from being under permanent surveillance due to their use of wireless technology 
without resorting to protecting their privacy by not using mobile Internet services at all. 

Existing recommendations with respect to the Platform for Privacy Preferences 
Project (P3P) specifies a protocol that provides an automated way for users to gain control 
over the use of personal data on web sites they visit. The proposal enables web sites to 

15 express their privacy practices in a machine readable XML format that can be automatically 
retrieved and compared with a user's privacy preferences. Using this information, a user can 
make informed decisions on whether or not to submit a certain piece of personal information 
to a web site. 

In order to protect a user's right for informational self-determination, users should 
20 have control over their CPI (Capabilities and Preferences Information), represented by means 
of a profile, and determine how far and to what extent to communicate profile information to 
other web sites. The proposed protocol can enhance the user's privacy by transmitting the 

2 

DALLAS2 805812vl 3 4647-0043 8USPT 


Patent Application 
Docket #34647-00438USPT 
P14463US 

CPI only if there is an informed consent by the user about the origin server's site data 
collection and use practices. 

However, the existing exchange protocol CC/PP (Composite Capability/Preferences 
Profile) uses a modified WSP or HTTP GET request already containing the profile 
5 information or profile difference. The proposed P3P standard requires a first check as to 
whether there is sufficient match between the user's privacy preferences and the remote 
server's privacy policy before any personal data is transmitted. Thus, some manner for 
^ overcoming this conflict is necessary. 

jj 10 SUMMARY OF THE INVENTION 

.T The present invention overcomes the foregoing and other problems with a system and 

m method for contacting an origin server from a node associated with a user. A minimal user 

W profile containing only user designated CPI is generated by the user and stored within a node 

^ associated with the user. The minimal user profile is used to establish a connection with an 

15 origin server such that a determination may be made if the privacy policy of the origin server 
meets the privacy policy of the user. If the privacy policy of the origin server meets the 
privacy preferences of the user, the origin server may then be provided with a second user 
profile containing more detailed CPI. In a first embodiment, the node provides the second 
user profile within each request to the origin server. In an alternative embodiment, a single 
20 second user profile is forwarded to a WAP gateway interconnecting the node and the origin 
server, and this information is cached within the WAP gateway to replace the minimal user 
profile previously cached in this location. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

A more complete understanding of the method and apparatus of the present invention 
may be obtained by reference to the following Detailed Description when taken in 
conjunction with the accompanying Drawings wherein: 

FIGURE 1 illustrates the use of a minimal user profile and protocol communications 
between a user/user agent, a WAP gateway and an origin server; 

FIGURE 2 is a flow diagram illustrating one embodiment for communicating a 
minimal user profile between a user agent and an origin server; and 

FIGURE 3 is a flow diagram illustrating an alternative embodiment for using a 
minimal user profile between a user agent and an origin server. 

DETAILED DESCRIPTION 

Referring now to the drawings, and more particularly to FIGURE 1, in order to use 
CC/PP protocol with the P3P standard, a user defines a minimal user profile 10 for 
transmission between a user/user agent 15 and a WAP gateway 20 which includes only 
minimal CPI 25. The minimal user profile 10 should include only such CPI 25 (such as 
screen size, voice, graphic capabilities, etc.) that the user is ready to reveal to web sites 
(origin server 46) with which the user has not yet come to a P3P agreement. In extreme 
cases, the user may not wish to provide any information to a possible non-trustworthy web 
site and the user may define a minimal user profile 10 that is empty. A second user profile 
22 contains complete CPI information. The minimal user profile 10 has several uses 
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including communication within a "safe-zone" before a P3P agreement, accessing non-P3P 
enabled web sites or web sites that do not meet the user's P3P privacy preferences, and 
serving third party requests to the WAP gateway 20 for cached profiles 21 (i.e., generating 
content that will be subsequently be pushed to a client device). 
5 Referring now to FIGURE 2, there is described a process for communication using a 

defined minimal user profile and the P3P protocol in order to agree about data collection and 
the release of further CPI. Upon opening a WSP session, a client, through its user agent 30 
conveys a minimal user profile including Profile and Profile-Diff headers within a WSP 
connection request 35 to the WAP gateway 36. The WAP gateway 36 caches the minimal 

10 user profile at 38 for the lifetime of the WSP session. When the user desires to request 
content from a P3P enabled website, the user agent 30 first requests the web sites P3P policy 
reference file by issuing a standard WSP request 40 to the WAP gateway 36. The WAP 
gateway 36 forwards the request at 45 via HTTP and includes the minimal CPI within the 
minimal user profile associated with the session to an origin server 46. The origin server 46 

15 forwards the policy reference file back to the WAP gateway at 50 and the WAP gateway 
forwards the policy reference file on to the user agent 30 at 55. 

After receipt of the policy reference file at the user agent 30, the user agent 30 
requests the privacy policy from the origin server 46 using the minimal CPI stored within the 
minimal user profile of the WAP gateway 36. The request 60 passes from the user agent 30 

20 to the WAP gateway 36 and on to the origin server 46 at 65. The privacy policy is forwarded 
back from the origin server 46 to the WAP gateway 36 to the user agent at 70 and 75, 
respectively. The communications requesting the policy reference file and the privacy policy 
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are referred to as the Safe Zone since only minimal profile information is forwarded by the 
WAP gateway 36 to the origin server 46. Thus, only minimal privacy information is 
provided to the origin server about a user. 

The user agent 30 compares at 76 the web sites privacy policy with the preferences of 
5 the user to determine whether further CPI should be transmitted to the web site. Users have 
the option to choose the level of protection by defining privacy preferences for the whole CPI 
or different preferences for various CPI components and/or attributes. If the user or user 
agent 30 accepts the origin servers privacy policy, the CPI may be transmitted to the origin 
fri server 46 by a first embodiment wherein the user agent 30 includes complete client profile 

fO 10 information including profile-diff headers within each subsequent WSP request 80 in the 
s WSP session. The WAP gateway 36 overrides the cached minimal profile with the provided 

5 complete profile information for each request and forwards this to the origin server 46 within 

5f an HTTP request 85. The response from the origin server 46 is forwarded back to the WAP 

r " gateway 36 at 90 and from the WAP gateway 36 to the user agent 30 at 95. While the 

1 5 present description has been made with respect to the use of only two profiles, it should be 
understood that three or more profiles may be similarly implemented. 

If a user agrees that certain CPI attributes may be augmented by the WAP gateway 
36, the WSP request or resume messages should include a flag/attribute set that authorizes 
the WAP gateway 36 to add information to the CPI By sending the complete profile 
20 information with each subsequent request, the complete CPI profile of the user will not be 
cached within the WAP gateway. However, in contrast to the embodiment illustrated in 
FIGURE 3, the additional CPI data must be transferred before each request. The 
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embodiment of FIGURE 3 may only be used if one privacy policy is valid for an entire web 
site. 

Referring now to FIGURE 3, there is illustrated an alternative embodiment for 
transmitting the CPI to the origin server after the user agent has compared the privacy policy 

5 with the user preferences at 76. In this embodiment, the user agent 30 transmits a WSP 
session resume message 100 to the WAP gateway 36 containing a complete user profile 
containing profile and/or profile-diff headers with the new CPI containing all approved 
information. The WAP gateway 36 updates the cached CPI with the complete profile 
information at 105. When a next request is made from the user agent 30 to the WAP 

10 gateway 36 at 1 10, the WAP gateway forwards a request to the origin server at 1 15 using the 
complete profile information now cached within the WAP gateway 36, and a response will 
be passed back to the WAP gateway 36 and the user agent 30 at 120 and 125, respectively. 

The previous description is of a preferred embodiment for implementing the 
invention, and the scope of the invention should not necessarily be limited by this 

15 description. The scope of the present invention is instead defined by the following claims. 
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